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METHOD AND SYSTEM FOR GENERATING AND USING A VORUS FREE FDLE 

CERTQFflCATE 

Technical field 

The present invention relates to computer virus and more particularly to a method 
and system for generating and using a virus-free file certificate. 

Background of 2he invention 

Among all computing and networking security issues, the most important cause of 
concern does not come from intrusions, but from the widespread proliferation of 
viruses. Viral infections represent the great majority of all security incidents. 

Vogtus ProtectSoini 

Virus protection for large organizations has become more and more complex and 

difficult because of : c - 

o the combined use of heterogeneous systems and practices, 

o the widespread use of distributed or client/server systems, and 

o the free exchange of data files via network sharing, e-mail, Internet ... 

Until recently, viral infections threatened only data residing on storage media, such 
as hard drives and floppy disks. However, with the emergence of macro viruses, the 
threat has spread to applications. Most organizations are not aware of this level of 
penetration and are not organized to manage and prevent virus attacks. An 
effective virus protection software must prevent infections rather than simply treating 
them after they have already occurred. Anti-virus solutions need a uniform plan, 
with a centralized control, automated virus signature updates, and support for 
multiple platforms, protocols, and file types. 
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A computer v,rus » any p ^ ^ A ^ ,„ 

by attaching Ml to programs, files, or even <° 0nce a virus resides 

abated when me infected tiie or disk . opened or «~-* ° 

users and network managers. There are tour generai types ot computer 

. File Viruses (including macro viruses), which are attached to *'' es ' 

. Bool sector Viruses in wh*h the hoc, sectors o, fioppy or hard disks 

. Itlo, Kecord <«*, Viruses wh*h intect the disk master hoo, record- 
Viruses tha, are a combination ot a fiie virus and a hoo, sector 

virus 



m —» <— • •»«""* " *"• 

sophisticated virus types: 

. P o lym or P h.= Viruses : the, change their signature, or profile, each time 
th ey are activated so that a flxed ^nature filter will miss them. 

. Z» Viruses : they attempt to hide their presence by 

irrupt sauces and by feeding back .aise in.crma.ion to an,,v,rus products 

. Crises : they are delivered within an enc W ,ed file and are 
undetectable by a simple anti-virus. 



Sources of Infection 
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Every improvement in network and communication technologies opens new 
avenues through which viruses can infect your system. Most of former viruses were 
boot sector viruses, in which the boot sectors of floppy or hard disks were infected. 

Macro VSiruses 

As stated earlier, the creation of macro viruses has changed this environment 
dramatically. A macro virus is a set of instructions comprising powerful macro 
routines initially designed for word processing and spreadsheet applications. These 
macro languages enable a myriad of useful functions which can be imbedded into a 
document and which can be executed when the document is opened for view or 
use. 



With the exploding development of the Internet, viruses have catastrophic 

possibilities. The Internet introduces two different virus threats. 

o The first threat is caused by the download of files comprising viruses when these 
files are browsed or transferred using for instance FTP (File Transfer Protocol) 
routines. Public shareware (shared software) and executable routines of all 
types, including formatted presentations, are a growing source of virus infection. 
Furthermore, new Internet virus threats are beginning to appear in the form of 
malicious JAVA and Active-X applets. 

° The second threat comes from electronic mail (e-mail). Most Internet e-mail 
systems provide a very rich capability to attach formatted documents to mail sent 
over the network. These e-mail messages can be broadcast to individuals or 
groups of individuals with the simple stroke of a key! Infected documents or files 
can flood a corporate network through gateways and mail servers. As 
networking, telecommunications, remote access, message systems supporting 
attachments of all kinds become more and more common, viruses will exploit 
these new electronic pathways to attack systems that were heretofore 
unreachable. 
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»m Itti 

0(§rO1f20Q0j " **"' 

Groupware Complications ^ 
A th ;,rd trend in network also exacerbates * 1^ ^ 

deployment of Groupware applications such as Lotus Notes, 

Novell Groupwise, ... oottA/n rk is at the core 

of these applications, they represent a fertrte gr 

vlrU ses. A Groupware application no, only ^ ^LZ^^ 

^ -,t c milaborative function, it simultaneously uiu 
oocuments.but.dueto «. °« ,., es signiflcantly mu „ ip ,ies the 

to associated work groups. The broadcast ^ 
possibilHy of accident* deploying mail .ntected by attached m 
makes Groupware protection a high priority. 

S ^° mSO, ~;nl n ain undetected as ,ong as possible to extend their 

m;r — - — r — r: 

-"T « dTZ =1:1 --s or user 

Some of these symptoms include: 
o increase in byte length of files, 
o Alterations of a file's time stamp, 
o Delayed program loading or activation, 
o Reduced performance, 

o Lower system resources, available memory, disk space, 
o Bad sectors on floppies and hard drives, 
o Strange or non-standard error messages, 
o Non-standard screen activity, display fluctuations, 
o Program inoperability (failing to execute), 
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o Incomplete or failed system boots, and 
o Uninitiated drive writes. 

Anfti-viirus Software Overview 
Detecting a Virus 

Viruses are becoming increasingly sophisticated and, as such, can defeat simpler, 
single dimension software packages. To be effective, the anti-virus software must 
include special-purpose, distributed applications. Applications can detect viruses 
using five distinct methods: 

° Signature Scanning: This method compares the content of files against a 
database of virus signatures. This method requires frequent updates of the 
database to ensure the identification of new and changing signatures. 
° [Integrity Checking: This method compares the profile of current files and disk 
areas against an archived snap shop of these same items. The detected 
differences may indicate the presence of a virus. Check summing is the most 
common type of integrity checking. Unfortunately, integrity checking is generally 
not effective against modem stealth viruses, so further detecting means are 
needed. 

° Heuristic Analysis: An artificial intelligence monitors virus-like behavior, such 
as trapping certain interrupt services or attempting unlikely actions such as 
reformatting the hard disk. 

° Polymorphic Analysis: Polymorphic viruses are difficult to detect because 
they constantly change their look, particularly when they are encrypted or when 
they use stealth techniques to hide their presence. A polymorphic analyzer will 
move any suspect file to a separate, protected, location in the computer and will 
execute it there to see if it exhibits any virus-like behavior. 

° Macro Varus Analysis: A specifically designed anti-virus software detects 
macros in files and tests them before execution. 
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Archived and Compressed Files an Active anti-virus 

. nf these five types of virus analysis, an effective ami vi 
In addition to the support of these nve typ 

, u~ t n -scan archived and compressed files. Zip tor rww 

^ctrirri, ^ - - - - °— : 

^ A virus can hide inside a compressed archive, and can rema,n 

lid - the — . * — ^— r~ 

minimum for an efficient anti-v,rus system « to be able 
archives to identify viruses stored within the files they contarn. 

Frequency of Database Signature Update 

Fin a„y, the ab„«y of a virus software to prevent v,rus attac^ « ^ V 
have an associated, easily accessible 

.formation, where re^ar *». -J- up^ ca ^ 

automate this update process by using an mie 
new information have a clear advantage in this regard. 

Real Time and Scheduled Virus Scaring 

Most anti-virus software can perform a scan of a computer ,n °^^L* 

Scanning a computer for viruses can occur : 

. at regular intervals under the control of a scheduler, or 

. as an on-demand operation manually executed, or recoanizab ly 
. as an event-activated operation (usually in response to some recognizably 

"illegal" behavior by a potential virus). 
ln addln, viruses can be detected in rea, time, when they are rece^ ^ 
oap abii*y is important because „ viruses can be detected when they atfcm to ^ 
JL a system (computer, data repose, se W er then * - po-* » P 
them from corrupt other files. Oftentimes, a schemed scan may occur a«e 
a virus has aiready entered within a computer and has corrupted other fries. 
Obviously, the earlier a virus can be detected, the better. 
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To be truly useful, an anti-virus software must have the ability to perform all types of 
scans. 

Certificate 

A Certificate is a structure that contains a public value (i.e. a public key) associated 
with an identity. For instance, within a X.509 Certificate, the public key is bound to a 
"user's name". A third party (a Certificate Authority) attests that the public key 
belongs to the user. A X.509 Certificate is a very formal structure and comprises 
different elements: 

* Subject: This is the "user's name" (the Subject can be any identity value). 

o Issuer: This is the name of the third party that has issued/generated the 
certificate. This third party is the Certificate Authority (CA). 

o Public Key Value: This is the public key of a public/private key pair. An 
associated field defines the public key algorithm that must be used, for 
instance a RSA , Diffie-Hellman or DSA public key. 

Validity: Two fields are used to define the period of validity (valid from date 1 
and valid to date 2). 

° Serial Number: This field provides a unique Certificate serial number for the 
issuer. 

• Signature: The signature is an encrypted digest generated by the Certificate 
Authority (CA) for authenticating the whole certificate. The digest results from 
the hashing of the Certificate. The digest is encrypted using the CA private 
key. The encrypted digest which is the signature, "certifies" that the Subject is 
the "owner" of the public and private keys. 
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Certificate Verification . 

The certificate needs ,o be verified ,o ensure .ha. it is va.id. Th,s ,s a ourte complex 

"oeess. ^ version by an end user of a Certificate corpses me check,ng of 

the following elements: 

. Vaiid (or any) SubjeC and issuer names are defined in me Certificate. 

. The Certificate is no. expired (checking of the Validity period field). 

. The Certificate has no, been revoked (.his may be determined by ob.arn.ng 

current Certificate Revocation List from the CA). 
. The signature on the Certificate is valk. (.he signature is no. veriffcd by us,ng 

the certificate's public key but by using the CA public key). 

The method for validating .he signature is quite simple, and comprises .he steps of: 

. extracting the issuers name (CA name) from the Certificate; 
. l0 ca.ing .he issuer's Certificate (CA Certificate) or the issuer's publrc key 
(CA public key). 

. checking .ha. .he end user's Certificate signature was generated by 
issuer (CA) using the issuer's public key (CA public key). 

Certificates are generated by a Certificate Authority (CA). Two main me,hods can be 

used: 

. Centra* G—«*»r The prtvate/public key pair is generated by .he end 
user (defined in ,he subiec, field o, ft. Certificate). The public ke, « d,reC y 
provided by the end user .0 fte CA software .0 create a Cerfifica.. The 
Certificate can be provided ,0 anchor end user via any suiteble channel. The 
channel does no. have .0 be secure because a Certificate is a sel, proteCng 
structure (given the CA's signature). 
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o Distributed Generation: The private/public key pair is generated by the end 
user. The end user requests the CA to build a Certificate including the end user 
public key. The public key is then sent to the CA for certification. If the request is 
valid then the CA returns a Certificate associating the user identity with the user 
public key to the end user. 

Of course these two methods can be combined in any system, because trusted CA 
keys are generated by the Certificate Authority (CA). 



Current anti-virus method are becoming more and more complex due to: 

° the number of viruses, 

° the difficulty to find them, and 

° the fact that their signature can change with time or environment. 
Virus are coming from everywhere and especially from the Internet network. The 
time required to check a disk within a computer system, becomes more and more 
important. Furthermore, the checking of a disk involves the use of resources which 
may prevent the normal use of the computer system. 

An object of the present invention is to improve current anti-virus methods and to 
provide a new method using file Certificates similar to X.509 Certificates used to 
authenticate an identity. A specific process associates a Certificate with a file to 
speed up and improve the anti-virus processing. 

It is another object of the present invention to associate files with a Certificate in 
view of simplifying the anti-virus processing of said files. 

It is another object of the present invention to validate a file against all known 
viruses. A Certificate is added to the file. The Certificate includes a signature made 
by a trusted server. This signature avoids local computer systems to check this file 
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Objects of the invention 




• The trusted sewer validates the We against all known viruses. 

for a existing v,ru, Janti-virus checkers. In case of new virus on* the 

^s sewer can use one or severe an, ^ ^ ^ ^ 

. is another obj ec, o, the prose, — , = l - — 

— used ,or r:rr: :rc;:, a :is is d 0ne «. «- - 

certificates suppressing the nsK ot virus 
being done locally on each computer system. 

associated with a file using a trusted Ann v.r 

t . n t _ llse this virus-free Certificate on a 
,t is another object of the present .nvent.on to use 

workstation to perform an anti-virus detection. 

Summary of the invention 

The present invention relates to computers ^^^^ 
and system tor generating and us,ng a v,rus-free Me certmca 
in a virus-free certificate authority, comprises the steps of. 

. determining whether the file is virus-free or not; 

n the file is declared virus-free by the virus-free certificate authority: 

. generating a virus-free certificate comprising a file signature for cer«y,ng ma, 

sa ,d file is declared virus-free by the virus-free certificate authonty; 
. sending bac* in response to the virus-free certificate reguest me v,rus free 



certificate. 
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The method, for use in a server or client system, comprises the steps of: 
o determining whether a virus-free certificate is associated with a file; 
if a virus-free certificate is associated with the file: 

° authenticating the virus-free certificate, said virus-free certificate comprising a 
certificate signature; 

° authenticating the file, said virus-free certificate comprising a file signature, said 
file signature certifying that said file has been declared virus-free by a virus-free 
certificate authority. 



The novel and inventive features believed characteristics of the invention are set 
forth in the appended claims. The invention itself, however, as well as a preferred 
mode of use, further objects and advantages thereof, will best be understood by 
reference to the following detailed description of an illustrative detailed embodiment 
when read in conjunction with the accompanying drawings, wherein : 

° Figure 1 describes the different entities involved in the anti-virus system 

according to the present invention. 
° Figure 2 describes the content of a virus-free Certificate according to the 

present invention. 

° Figure 3 is a flow chart of the method of requesting and generating a 
virus-free Certificate for a file according to the present invention. 

° Figures 4a and 4b are a flow charts of the method of using a virus-free 
Certificate in a workstation according to the present invention. 



Brief description of the drawings 



Preferred embodiment of the invention 
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Xse. — „. In most - the case, - ,e that * den, 

req uires is stored in a Web / Fiie Sen,er ,101). A Certificate, stored 

requires, ■& »i Certificate is 

ZTis i: ; X we, / * -~ 00, - - 

Server (102) through a LAN / WAN (Loca, Area Network / W,de Area Netwo* ( 03) 
ririncJe the internet - The «~ — ^ 
downloads both «.e and associated Cert*a.e in a d.rectory a <. asKs an, 

,„ check the We This checking process does not use any standard 
Ilin J! based on the previous, do— Cert* c ^ 
V eri,ica, to n reared tor determining whether ^ 
verification o, the signature compnsed ,n the Certrteate. All t 
method will be better understood with respect to Figures 2, 3 and 4a/4b. 

Virus-free Certificate nre . pnt 
Rgu re 2 describes the content o, a vlrus-free Certificate according to the presen 

ion The virus-free Cerate reuses the standard X.509 certificate forma,, 
la s the s,gna,ure o, ,he file and before is bound ,o this r„e The ma 
Ifference between a X.509 Certified and ,he vlrus-free Cert«ica,e . « <he 
virus-free Certificate comprises: 

o an anti-virus name and level; 

o a signature of the file. 

The virus-free Certificate (200) includes the following fields: 

. Rte nam e (201,: This is the -name- o, the file protected that the vims-free 
Certificate protects. 
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o Issues* (202): This is the "name" of the third party that issued/generated the 
virus-free Certificate. This third party is the Virus-free Certificate Authority (VCA). 

° Public Key Value (203): This is the public key of a public/private key pair. An 
associated field defines the public key algorithm that must be used to check the 
file signature, for instance a RSA , Diffie-Hellman or DSA public key. The public 
key is provided by the Virus-free Certificate Authority which uses the 
corresponding private key to build the signature of files. So the same 
private/public key pair may be used to build several virus-free Certificates from 
the same issuer. This public key within the virus-free Certificate is preferably 
used instead of the Virus-free Certificate Authority public key which is used to 
validate only the present certificate signature and not the file signature. A public 
key for decrypting the imbedded signature is added within the virus-free 
Certificate because the Virus-free Certificate Authority public key is generally 
longer and more complex. The validity of keys may also differ between the 
Virus-free Certificate Authority public key and the virus-free Certificate public key. 
Anyway, because the virus-free Certificate is signed by the Virus-free Certificate 
Authority, the use of the virus-free Certificate public key is secure. 

Validity (204): Two fields are used to define the period of validity (valid from date 
1 and valid to date 2). 

• Serial Number (205): This field provides a unique virus-free Certificate serial 
number for the issuer. 

o Certificate Signature (206): The certificate signature is an encrypted digest 
generated by the Virus-free Certificate Authority (VCA) for authenticating the 
whole Certificate. The digest results from the hashing of the virus-free Certificate. 
The digest is encrypted using the VCA private key. The certificate signature 
results from the encrypted digest and "certifies" that the file signature is 
encrypted by the private key associated with the virus-free certificate public key 
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,2031 The Vims-tree Certificate Authority (VGA) public key is different from the 
virus-free Certificate public key and is either preceded in .he wet browser or 
given by a trusted entity. The VGA public key is used to retrieve the ong,nal 
hashing of the ,u„ certificate. The Virus-.ree Certificate Authority (VCA) can use 
L sal se, of virus-free certificate private / public keys (203) for a,, the ,.es 
generated during a given period o, time so the cross-checking of the issuer 
authentication can be easily performed time to time, when a new -<*••»•» 
U sed Once the virus-free Certificate public key for a issuer is validated, ,« can be 

virus-free Certificate public keys. 

H,e S^ure (207): The File Signature is verified using the public key vaiue 
given in the virus-free Certificate 

. AnM us CHecKer ,20S>: This field grves an indication o, how the vin.s-free 
Certificate has verified that the file was virus-free. The Anti-virus Checker 
oomprises the name and the levet o, the anti-virus program. Several an,,v,rus 
programs and ieveis may be appended to reinforce the efficiency of the 

anti-virus detection. 

. Certl «ca.e Structure (209): This field describes the size and the content of the 
vims-free Certificate fieids. The number or anti-virus program is defined ,n th,s 

. ,f the virus-free Certificate uses a standard format (minimum s.ze of a 

virus-free Certificate), this field is optional. 
. ,f the size of the virus-free Certificate is above the size of the standard format 

(above the minimum size), this field is mandatory and defines the size of the 

fields comprised in the virus-free Certificate. 



Virus-free Certificate Generation 



FR9 99117/YNE 



Figure 3 describes the process of requesting a virus-free Certificate for a file located 
on a Web Server or on a File Server (101). Nothing prevents workstations (100) to 
request a Certificate Authority (102) to build virus-free Certificates in real time but 
the most appropriate way to do is to let the Web / File Servers (101) send requests 
to the Certificate Authority (102) to build virus-free Certificates and to let them store 
the files and associated anti-virus Certificate together. The method of requesting and 
generating a virus-free certificate comprises the following steps: 

° (300) When a new file requires a virus-free Certificate, the requester, Web /File 
Server (101) or workstation (100), sends a virus-free Certificate request message 
to a Virus-free Certificate Authority (VGA) Server (102). Either the file is sent to 
the Virus-free Certificate Authority (VCA) Server (102) in addition to this request 
message or the checking / signature is done on the Web / File Server (101) or 
workstation (100) where the file is stored. The request may specify the anti-virus 
checking method or the use of a particular anti-virus program. 

° (301) The Virus-free Certificate Authority (VCA) Server starts by checking the file. 

° (302) The Virus-free Certificate determines whether the file is virus-free or not : 

If a virus is detected, 

° (307) the VCA Server answers the requester with an information concerning 
the detected virus. 

° (308) Eventually, the VCA Server sends back to the requested a corrected 
file. 

If no virus is detected, 

° (303) A signature of the file is established. 

° (304) The virus-free Certificate is prepared with this signature. 
FR9 99 117/YNE 




o (305) The virus-free Certificate and the requester identification, are then 
stored in the VCA. The requester identification may include the file location 
within the Web / File Server or workstation. The file location is useful when 
the requester needs a regular and automatic update of the virus-free 
Certificate (for instance, when the virus-free Certificate expires or when a new 
level of anti-virus program is provided). In that case the VCA can access the 
file and can update the virus-free Certificate without any action from the 
Server or workstation. 



(306) 



Finally, the virus-free Certificate is sent to the requester. 



For a better understanding, the VCA is shown in the present embodiment as an 
independent Server. However, the VCA can be located within a Web / file Server 
(101). It is possible for a master Certificate Authority server to delegate v.rus-free 
Certificate establishment to trusted servers or workstations. 

Virus-Free Certificate Utilization 

Figures 4a and 4b describe the process of using the virus-free Certificate in a 
workstation according to the present invention. A Fi.e is downloaded with its 
free-virus Certificate onto a workstation. The anti-virus program performs a checking 
on this incoming file. The anti-virus program can also check all files assigned by 
configuration. Some files may have an associated virus-free Certificate, other files 
may have no Certificate. The present method of a using a free-virus Certificate in a 
workstation comprises the following steps: 

o (400) When scanning files, the anti-virus program first looks for the virus-free 
Certificate associated with the file to check. The virus-free Certificate may be in 
the same directory as the file or in a specific directory with all free-virus 
Certificates. Other settings may be defined but the two settings above are the 
these used in the present embodiment. 
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° (401) The virus-free program looks for the virus-free Certificate: 

If a virus-free Certificate for this file is not found: 

° (402) The process goes on as described in the background art. 

° (403) The process goes on by checking the next file. 

If the virus-free Certificate for this file is found: 

° (404) The virus-free Certificate is authenticated using the certificate signature 
and the VCA public key. The VCA public key is in the workstation or if not 
must be retrieved through a secure channel. The VCA server may be 
authenticated by another CA having the required public key. 

° (405) Date of expiration, issuer name (VCA name), in addition to the 
certificate signature determined in the previous step (404) are checked and 
validated. The anti-virus program may also be checked and in particular 
levels used to build the Certificate which may or may not be accepted by the 
local anti-virus program depending on predetermined rules. 

° (406) If the virus-free Certificate is not valid or authenticated with some 
obsolete or non matching rules, a log is performed in order to process on real 
time or on batch mode a refresh action on the VCA to update the Certificate 
in order to match the rules and dates. When received the new Certificates will 
allow to process again these files for anti-virus checking. 

° (407) If the virus-free Certificate is fully authenticated, the file signature is 
verified using the public value key included in the virus-free Certificate. The 
public value key must match with the file signature also included in the 
virus-free Certificate. 
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o (408) The file signature is checked. 



If the file signature is OK, 

o (409) The next file is checked. 

If the file signature is not OK, 
° (410) A log error is performed. 

(41 1) The normal anti-virus program is activated to check this suspect file, 
o (412) Finally, the next file is checked. 

The Log Error file is processed at the end of the file checking and may ask the VGA 
to check the file again in order to produce another virus-free Certificate. If a virus is 
found on this file, the security administrator will retrieve all available information to 
understand where the virus was introduced, who introduced it ... 

Advantages 

° The proposed invention provides a better and faster way for checking files 
against viruses. 

o Servers offer a better security for all the files they send to their clients. 

° The full anti-virus checking is performed once on the virus-free Certificate 

Authority (VCA) Server. 
° A Certificate update method is provided. 

o Normal ant-virus processes may be used as backup and may handle files without 
Certificate. The compatibility with existing anti-virus programs is easy because a 
software supervisor can 

° verify virus-free Certificates for files having one, and 

° rely on and call any anti-virus program to perform a state of the art virus 
detection for other files. 
° The present invention is 
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• for users, in line with current security strategies based on Certificate Authority 
and Certificates, and 

• for files, an extension that can be easily deployed. 

While the invention has been particularly shown and described with reference to a 
preferred embodiment, it will be understood that various changes in form and detail 
may be made therein without departing from the spirit, and scope of the invention. 
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Claims 



1. A method, for use in a virus-free certificate authority (102), of generating a 
virus-free certificate (200) certifying that a file is virus-free comprising the steps of: 

° receiving (300) a virus-free certificate request for a file from a system (100, 101); 
° determining (301) whether the file is virus-free or not; 

if the file is declared virus-free by the virus-free certificate authority (102): 

° generating (303, 304) a virus-free certificate (200) comprising a file signature 
(207) for certifying that said file is declared virus-free by the virus-free certificate 
authority (102); 

° sending (306) back in response to the virus-free certificate request the virus-free 
certificate (200). 

2. The method according to the preceding claim wherein the virus-free certificate 
request comprises: 

° a list of one or a plurality of anti-virus programs to execute on the file to 
determine whether the file is virus-free or not. 

3. The method according to any one of the preceding claims wherein the virus-free 
certificate request comprises: 

° the file for which a virus-free certificate is requested. 

4. The method according to any one of the preceding claims wherein said step of 
determining whether the file is virus-free or not comprises the further step of: 
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o executing (301) one or a plurality of anti-virus programs on said file for detecting 
viruses. 

5. The method according to any one of the preceding claims wherein the virus-free 
certificate further comprises: 

° the list of the one or plurality of anti-virus programs (208) that have been 
executed on the file. 

6. The method according to any one of the preceding claims wherein the virus-free 
certificate (200) further comprises: 

° a file identification (201); 

° a virus-free certificate authority identification (202); 

° a public key (203) for decrypting the file signature; 

° a certificate signature (206) for authenticating the virus-free certificate; 

o a indication of the virus-free certificate validity (204). 

7. The method according to any one of the preceding claims comprising the further 
steps (305) of: 

° identifying the system (100, 101) where the file and associated virus-free 

certificate are stored; 
° downloading updates of the virus-free certificate. 

8. The method according to any one of the preceding claims wherein the step of 
generating (303, 304) a file signature (207) comprises the further steps of: 

° hashing the file to generate a file digest; 
° encrypting the file digest using a private key. 
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9. A system, preferably a virus-free certificate authority (102), for carrying out the 
method according to any one of the preceding claims. 

10. A computer program comprising instructions for carrying out the method 
according to any one of claims 1 to 8. 

1 1 . A method, for use in a server (101) or client (100) system, of determining that a 
file is virus-free comprising the steps of: 

° determining (400) whether a virus-free certificate (200) is associated with a file; 
if a virus-free certificate is associated with the file: 

° authenticating (404) the virus-free certificate (200), said virus-free certificate 

comprising a certificate signature (206); 
° authenticating (407) the file, said virus-free certificate (200) comprising a file 

signature (207), said file signature certifying that said file has been declared 

virus-free by a virus-free certificate authority (102). 

12. The method according to the preceding claim wherein said step of 
authenticating (407) the file comprises the further steps of: 

° decrypting the file signature (207) using a public key (203) comprised in the 

virus-free certificate (200). 
° hashing the file to generate a file digest; 

° comparing the decrypted file signature with the generated file digest. 

13. The method according to any one of claims 11 to 12 wherein the step of 
authenticating the virus-free certificate comprises the further step of: 

° validating the virus-free certificate. 
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14. The method according to any one of claims 11 to 13 wherein the step of 
validating the virus-free certificate comprises the further step of: 

o determining whether the virus-free certificate is valid or not; 
If the virus-free certificate is not valid: 

o requesting a virus-free certificate update or an updated virus-free certificate 
update to a virus-free certificate authority (102). 

15. The method according to any one of the claims 11 to 14 wherein the virus-free 
certificate (200) further comprises: 

o a file identification (201 ); 

° a virus-free certificate authority identification (202); 
o a public key (203) for decrypting the file signature; 
o a indication of the virus-free certificate validity (204). 

16. A system, preferably a server (101) or client (100) system, for carrying out the 
method according to any one of claims 1 1 to 15. 

17. A computer program comprising instructions for carrying out the method 
according to any one of claims 1 1 to 15. 
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Abstract 

The present invention relates to computer virus and more particularly to a method 
and system for generating and using a virus-free file certificate. The method, for use 
in a virus-free certificate authority (102), comprises the steps of: 
° receiving (300) a virus-free certificate request for a file from a server (101) or a 

client (100) system; 
° determining (301) whether the file is virus-free or not; 
if the file is declared virus-free by the virus-free certificate authority (102): 
° generating (303, 304) a virus-free certificate (200) comprising a file signature 

(207) for certifying that said file is declared virus-free by the virus-free certificate 

authority (102); 

° sending (306) back in response to the virus-free certificate request the virus-free 
certificate (200). 

The method, for use in a server (101) or client (100) system, comprises the steps of: 
° determining (400) whether a virus-free certificate (200) is associated with a file; 
if a virus-free certificate is associated with the file: 

° authenticating (404) the virus-free certificate (200), said virus-free certificate 

comprising a certificate signature (206); 
° authenticating (407) the file, said virus-free certificate (200) comprising a file 

signature (207), said file signature certifying that said file has been declared 

virus-free by a virus-free certificate authority (102). 

Figure 1 
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